diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | sshd.8 | 18 |
2 files changed, 21 insertions, 3 deletions
| @@ -4,6 +4,10 @@ | |||
| 4 | [sshd_config.5] | 4 | [sshd_config.5] |
| 5 | Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@, | 5 | Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@, |
| 6 | ok jmc@ djm@ | 6 | ok jmc@ djm@ |
| 7 | - dtucker@cvs.openbsd.org 2006/08/21 08:15:57 | ||
| 8 | [sshd.8] | ||
| 9 | Add more detail about what permissions are and aren't accepted for | ||
| 10 | authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@ | ||
| 7 | 11 | ||
| 8 | 20060824 | 12 | 20060824 |
| 9 | - (dtucker) [openbsd-compat/basename.c] Include errno.h. | 13 | - (dtucker) [openbsd-compat/basename.c] Include errno.h. |
| @@ -5306,4 +5310,4 @@ | |||
| 5306 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 5310 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
| 5307 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 5311 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
| 5308 | 5312 | ||
| 5309 | $Id: ChangeLog,v 1.4511 2006/08/30 01:06:34 djm Exp $ | 5313 | $Id: ChangeLog,v 1.4512 2006/08/30 01:07:00 djm Exp $ |
| @@ -34,7 +34,7 @@ | |||
| 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | .\" | 36 | .\" |
| 37 | .\" $OpenBSD: sshd.8,v 1.233 2006/07/19 13:07:10 dtucker Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.234 2006/08/21 08:15:57 dtucker Exp $ |
| 38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
| 39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
| 40 | .Os | 40 | .Os |
| @@ -681,9 +681,23 @@ rlogin/rsh. | |||
| 681 | .It ~/.ssh/authorized_keys | 681 | .It ~/.ssh/authorized_keys |
| 682 | Lists the public keys (RSA/DSA) that can be used for logging in as this user. | 682 | Lists the public keys (RSA/DSA) that can be used for logging in as this user. |
| 683 | The format of this file is described above. | 683 | The format of this file is described above. |
| 684 | This file is not highly sensitive, but the recommended | 684 | The content of the file is not highly sensitive, but the recommended |
| 685 | permissions are read/write for the user, and not accessible by others. | 685 | permissions are read/write for the user, and not accessible by others. |
| 686 | .Pp | 686 | .Pp |
| 687 | If this file, the | ||
| 688 | .Pa ~/.ssh | ||
| 689 | directory, or the user's home directory are writable | ||
| 690 | by other users, then the file could be modified or replaced by unauthorized | ||
| 691 | users. | ||
| 692 | In this case, | ||
| 693 | .Nm | ||
| 694 | will not allow it to be used unless the | ||
| 695 | .Cm StrictModes | ||
| 696 | option has been set to | ||
| 697 | .Dq no . | ||
| 698 | The recommended permissions can be set by executing | ||
| 699 | .Dq chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys . | ||
| 700 | .Pp | ||
| 687 | .It ~/.ssh/environment | 701 | .It ~/.ssh/environment |
| 688 | This file is read into the environment at login (if it exists). | 702 | This file is read into the environment at login (if it exists). |
| 689 | It can only contain empty lines, comment lines (that start with | 703 | It can only contain empty lines, comment lines (that start with |